Security system and method for internet of things infrastructure elements
First Claim
1. A security method for an enterprise infrastructure, comprising:
- determining a particular unspoofable tag assigned to a particular internet of things (IoT) device in a category of IoT devices that is part of an enterprise infrastructure, wherein each unspoofable tag is assigned to a plurality of IoT devices in the category and each unspoofable tag is certified by a public key certificate that cannot be faked;
- retrieving a particular security policy rule assigned to the particular unspoofable tag from a policy rule engine, the policy rule engine having a plurality of security policy rules wherein each security policy rule is assigned to a category of IoT devices, the particular security policy rule defining a security access policy for the particular category of IoT devices;
- verifying a certificate of the particular category of IoT devices, extracting an identifier and a tag from the certificate of the particular category of IoT devices, and determining whether to permit a communication between the particular category of IoT devices and another category of IoT devices based on the tags of the particular category of IoT devices and the other category of IoT devices; and
- implementing a security policy for the particular category of IoT devices in the enterprise infrastructure using the particular security policy rule, the security policy controlling the communications between the particular category of IoT devices and the other category of IoT devices of the enterprise infrastructure.
2 Assignments
0 Petitions
Abstract
A security system and method are provided that manage the security of a plurality of internet of things (IoT) devices that are part of an enterprise infrastructure. The security system and method may use unspoofable tags wherein each unspoofable tag may be assigned to a category of IoT devices and each unspoofable tag may have a security policy rule assigned to the unspoofable tag (and thus the category of IoT devices) so that IoT devices that are part of the enterprise infrastructure are secured by the security policy rule.
64 Citations
32 Claims
14. An apparatus, comprising:
- a transport layer service (TLS) element that is coupled to an infrastructure, the infrastructure having a plurality of internet of things (IoT) devices that form part of the infrastructure;
- the TLS element having a controller that enforces a security policy rule for each IoT device that is part of the infrastructure;
- the TLS element having a tag engine that determines a particular unspoofable tag assigned to a particular IoT device in a category of IoT devices, wherein each unspoofable tag is assigned to a plurality of IoT devices in the category and each unspoofable tag is certified by a public key certificate that cannot be faked;
- the TLS element having a security policy rule engine from which a particular security policy rule assigned to the particular unspoofable tag is retrieved, the policy rule engine having a plurality of security policy rules wherein each security policy rule is assigned to a category of IoT devices, the particular security policy rule defining a security access policy for the particular category of IoT devices;
- the TLS element having a policy enforcement point connected to the controller that is capable of verifying a certificate of the particular category of IoT devices, extracting an identifier and a tag from the certificate of the particular category of IoT devices, and determining whether to permit a communication between the particular category of IoT devices and another category of IoT devices based on the tags of the particular category of IoT devices and the other category of IoT devices; and
- the TLS element configured to implement a security policy for the particular category of IoT devices across the infrastructure using the particular security policy rule, the security policy controlling the communications between the particular category of IoT devices and the other category of IoT devices of the infrastructure.
Dependent claims 15 to 26.
27. A method for security for an internet of things (IoT) device in an enterprise infrastructure, the method comprising:
- identifying an IoT device that is part of an enterprise infrastructure;
- determining a particular unspoofable tag assigned to the identified IoT device in a category of IoT devices, wherein each unspoofable tag is assigned to a plurality of IoT devices in the category and each unspoofable tag is certified by a public key certificate that cannot be faked;
- identifying a particular security policy rule assigned to the particular unspoofable tag from a policy rule engine, the policy rule engine having a plurality of security policy rules wherein each security policy rule is assigned to a category of IoT devices, the particular security policy rule defining a security policy for the particular category of IoT devices, wherein the particular security policy rule implements enterprise infrastructure security for the identified IoT device; and
- verifying a certificate of the particular category of IoT devices, extracting an identifier and a tag from the certificate of the particular category of IoT devices, and determining whether to permit a communication between the particular category of IoT devices and another category of IoT devices based on the tags of the particular category of IoT devices and the other category of IoT devices.
Dependent claims 28 to 32.
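Claims 1, 14 and 27 all turn on the same three steps: verify the device certificate against the enterprise's trust anchor, extract the identifier and the category tag from it, and look the tag up in a rule engine to decide whether a communication between two categories is permitted. The following is an added illustration of that flow in Go using the standard crypto/x509 package; it is not code from the patent or from any product. Everything concrete in it is an assumption for the example: the device identifier is carried in the subject CN, the category tag in a private extension under the hypothetical OID 1.3.6.1.4.1.99999.1, and the device names and rule table are constructed. It also shows the caveat the word "unspoofable" hides: the tag is only trustworthy because the enforcement point refuses any certificate that does not chain to the enterprise root, so a certificate minted by an attacker's own CA with the same tag is rejected before its tag is ever read.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// tagOID is a hypothetical private-enterprise OID for the category-tag extension (an assumption, not from the patent).
var tagOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}
// Device is what the enforcement point learns from a verified certificate: the identifier and the category tag.
type Device struct{ ID, Tag string }
// policyRules plays the policy rule engine (constructed sample): per category tag, the peer tags it may reach.
var policyRules = map[string]map[string]bool{"camera": {"video-recorder": true}, "thermostat": {"hvac-controller": true}}
// check panics on issuance/setup failures; only the enforcement path (verifyAndExtract) returns errors to its caller.
func check(err error) {
	if err != nil {
		panic(err)
	}
}
// sign generates a P-256 key for tmpl and signs it with parent/parentKey (self-signed when parent is nil).
func sign(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl.SerialNumber, _ = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// newCA mints a root; a tag is unspoofable only because nobody else can produce a certificate that chains to it.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	return sign(&x509.Certificate{Subject: pkix.Name{CommonName: name}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
}

// issueDeviceCert binds a device identifier (subject CN) and its category tag (extension) under the CA's signature.
func issueDeviceCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, id, tag string) *x509.Certificate {
	tagDER, err := asn1.Marshal(tag)
	check(err)
	cert, _ := sign(&x509.Certificate{
		Subject: pkix.Name{CommonName: id}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		ExtraExtensions: []pkix.Extension{{Id: tagOID, Value: tagDER}},
	}, ca, caKey)
	return cert
}

// verifyAndExtract is the policy enforcement point: chain the certificate to the enterprise root first, then read id and tag.
func verifyAndExtract(cert *x509.Certificate, roots *x509.CertPool) (Device, error) {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return Device{}, err // unknown issuer, expired or wrong usage: the tag is not trusted at all
	}
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(tagOID) {
			var tag string
			if _, err := asn1.Unmarshal(ext.Value, &tag); err != nil {
				return Device{}, err
			}
			return Device{ID: cert.Subject.CommonName, Tag: tag}, nil
		}
	}
	return Device{}, errors.New("certificate carries no category tag")
}

// permit applies the rule assigned to the initiating device's tag; any pair not listed is denied.
func permit(from, to Device) bool { return policyRules[from.Tag][to.Tag] }
// RunScenario enrolls three constructed devices, decides two flows, and shows a forged tag being refused.
func RunScenario() (camToNVR, camToTherm, forgedRejected bool) {
	ca, caKey := newCA("Enterprise IoT Root")
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	enroll := func(id, tag string) Device {
		d, err := verifyAndExtract(issueDeviceCert(ca, caKey, id, tag), roots)
		check(err) // a certificate the enterprise itself just issued must verify
		return d
	}
	cam, nvr, therm := enroll("cam-0042", "camera"), enroll("nvr-01", "video-recorder"), enroll("therm-07", "thermostat")
	// An attacker mints their own CA and claims the video-recorder tag; the chain check refuses it before the tag is read.
	rogueCA, rogueKey := newCA("Rogue CA")
	_, forgedErr := verifyAndExtract(issueDeviceCert(rogueCA, rogueKey, "nvr-01", "video-recorder"), roots)
	return permit(cam, nvr), permit(cam, therm), forgedErr != nil
}

func main() {
	fmt.Println(RunScenario()) // true false true
}
```

The decision is keyed on the initiating device's tag, so the rule table is the "policy rule engine" of the claims and the certificate chain is what makes the tag "unspoofable": any certificate that fails `Verify` is discarded without its extension ever being parsed. A deployment would additionally expire or revoke device certificates and would consult the rule table at the enforcement point on every new connection, not once at enrollment.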